Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.
COURSE of the MONTH
10 days, left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Server locking up every hour at same time
Posted on 2014-12-19
One of my clients has a server that freezes every hour at the same time. I believe that when you reboot, whatever time the server comes up is the "magic time" wherein it then begins to lock up each hour. For example- if the server completes its boot at 0938, it will then lock up at 1038, 1138, 1238 and so on. All programs running from it lock up or disconnect entirely. if working directly on the server the mouse moves, but no response from any click or key press. The server is the only one on site- there are only four users. Naturally it is the DC/DNS/DHCP. It also hosts TrendMicro AV. It used to host Spiceworks, but that has been removed. There is absolutely nothing of any help in the Event Logs. I've ran chkdsk and sfc (both of which found and repaired errors) but no change. I assume it has to be a service or app, but I have no idea how to track it.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
- +2
6 Comments
Active today
First place I'd look is in Scheduled Tasks to see if something is running hourly after the boot.
If nothing is in Scheduled Tasks, then I'd download the Microsoft Process Monitor tool, set it to log process initiations (see below) in its own file rather than the pagefile, and see what the last few process initiations are before the system goes down.
If nothing is in Scheduled Tasks, then I'd download the Microsoft Process Monitor tool, set it to log process initiations (see below) in its own file rather than the pagefile, and see what the last few process initiations are before the system goes down.
Process Monitor is a great idea. Also get Process Explorer and TCPView from the same source, SysInternals.
Download the entire suite of SysInternals tools. Process Monitor, Process Explorer and TCPView are all included.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Maybe you have a resource leak? Or a runaway process? Open Process Explorer and pick View -> Select columns so you can pick up more information...process owner, path, threads, handle count, etc....You can sort the live view by any column. If you know when your server is going to hang -up, and it sounds like you do, watch for something eating a lot of resources....whether cpu, memory, network, disk i/o.
You can use TCPView to see who & what is using your tcp ports. I've seen instances where a virus/spyware will use all of the tcp sockets on a machine and freeze it. I've had programmers write bad code that never released a tcp socket when done, so it kept consuming until there were none left. DNS will be listed a lot here, which is ok. Keep an eye on what is using your TCP connections and if it keeps constantly increasing.
Download the entire suite of SysInternals tools. Process Monitor, Process Explorer and TCPView are all included.
http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Maybe you have a resource leak? Or a runaway process? Open Process Explorer and pick View -> Select columns so you can pick up more information...process owner, path, threads, handle count, etc....You can sort the live view by any column. If you know when your server is going to hang -up, and it sounds like you do, watch for something eating a lot of resources....whether cpu, memory, network, disk i/o.
You can use TCPView to see who & what is using your tcp ports. I've seen instances where a virus/spyware will use all of the tcp sockets on a machine and freeze it. I've had programmers write bad code that never released a tcp socket when done, so it kept consuming until there were none left. DNS will be listed a lot here, which is ok. Keep an eye on what is using your TCP connections and if it keeps constantly increasing.
first isolate the issue between software/ hardware, for that boot the server in safe mode and check if safe mode goes beyond 60min. if yes then it is definitely something related to software/OS, then you can check by disabling applications one by one in normal mode (start > run > msconfig > startup/services). for hardware issues it can be anything from a faulty hardware or driver or loose connections etc.
also see if you can analyze memorydump file located in c:\windows to see any issues or the root cause.
also see if you can analyze memorydump file located in c:\windows to see any issues or the root cause.
I have been running Process Monitor for a couple days and nothing jumps at me though it looks like lsass.exe takes as much processing power as the server has when it runs. Unfortunately, I am trying to troubleshoot a remote server so safe mode doesn't help.
This server also host Logics software and all that entails as well.
I am currently running Process Monitor and Process Explorer. Is there someone who is willing to take a closer look at any logs if I can post them? I've been staring at this problem for awhile now.
This server also host Logics software and all that entails as well.
I am currently running Process Monitor and Process Explorer. Is there someone who is willing to take a closer look at any logs if I can post them? I've been staring at this problem for awhile now.
Featured Post
This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function. Typically every network user within an organization has a bit of disk space to store in process items and personal files.
…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, left to enroll
762 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.